from flask import Flask
from flask_talisman import Talisman

# Flask application object; Talisman and the '/' route below are registered on it.
app = Flask(__name__)

# Content Security Policy passed to Talisman; adjust the allowed sources to
# match the real deployment.
# default-src is the fallback for fetch directives not listed here, while
# script-src limits script loading to this origin plus one pinned jQuery
# file on cdnjs.
csp = {
    "default-src": ["'self'", "https://trusted.com"],
    "script-src": [
        "'self'",
        "https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js",
    ],
}

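# Wrap the app with Talisman to enforce HTTPS and emit the security headers
# configured below.
talisman = Talisman(
    app,
    # Send the CSP defined above on every response.
    content_security_policy=csp,
    # Redirect plain-HTTP requests to HTTPS.
    force_https=True,
    # flask-talisman takes `strict_transport_security` as an on/off boolean and
    # reads the lifetime from `strict_transport_security_max_age`. A dict passed
    # here is only evaluated for truthiness, so a nested 'max_age' key is never
    # read and the header falls back to the library's default max-age.
    strict_transport_security=True,
    strict_transport_security_max_age=31536000,  # HSTS lifetime: 1 year, in seconds
    # Send X-Frame-Options: DENY so the pages cannot be framed by any origin.
    frame_options='DENY',
)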

@app.route('/')
def index():
    """Serve the root URL with a fixed plain-text greeting."""
    greeting = "Hello, World!"
    return greeting

if __name__ == '__main__':
    # Run Flask's built-in server over TLS when the file is executed directly.
    # ssl_context takes (certificate file, private key file); both paths are
    # resolved against the current working directory. This server is meant
    # for local development, so a deployment would serve the app from a
    # production WSGI server instead.
    tls_files = ('cert.pem', 'key.pem')
    app.run(ssl_context=tls_files)